<?php
require("HTMLFunctions.php");
require("ValidationFunctions.php");

//database
require('ac_db.inc.php');

//set error reporting
error_reporting(E_ERROR | E_WARNING);

//set credentials for database
setcredentials("tr2286","databases8620", "w4111b.cs.columbia.edu/ADB");

//create DB instance
$db = new Db("Proj1", "Part3");

//declare vars of this script
$errorText = "";

//ensure that input is not blank which would mean that the site is illegally accessed
if(count($_POST) == 0){
	
	//if so, redirect to login
	echo "<meta http-equiv='refresh' content='0;url=http://localhost/login.php'>";
	exit;
}

//if the only input is username i.e. the size is 1
//then no update was performed yet
if(count($_POST) == 1){
	
	#now call the subroutine to display the update form
	displayPasswordUpdate($errorText, $db);
}

//otherwise we know that further information was submitted to the script so we verify if the user made valid changes
else{
	
	//now call function to process input
	//this function will take control of the flow of the script and determine what actions to further take
	processUpdate($errorText, $db);
}

//function to both determine the validity of the users input and to process the submission
//this funciton will call a function to determine if each of the data fields was entered correctly
function processUpdate($errorText, $db){
	
	//first determine if the two new passwords are valid and identical
	if(ValidationFunctions::validatePasswords($_POST{'password1'}, $_POST{'password2'}) == false){
		
		//if they are not, produce appropriate error message and redisplay submission
		$errorText = "<h4><font color=\"red\">Your new passwords did not match or were empty! Please try again.</font></h4>";
		
		//now redisplay
		displayPasswordUpdate($errorText, $db);
	}
	//now make sure that the former password is valid
	else{
		
		//make sure current password entered mathes the one on file
		//if it matches show success and store
		if(ValidationFunctions::loginUser($_POST['email'], $_POST['initialPW'], $db)){
			
			//now update the database
			$db -> updatePassword($_POST['email'], $_POST['password1']);
			
			//commit
			$db->commit();
			
			//call method to show the success page
			showSuccess($_POST['email'], $db);
		}
		
		//otherwise the current password was not enterd correctly so produce the correct error message and redisplay the form
		else{
			
			$errorText = "<h4><font color=\"red\">You did not enter the correct current password! Please try again.</font></h4>";
			
			//now redisplay
			displayPasswordUpdate($errorText, $db);
		}
	}
}

//function that is called whenever the user succesfully submits his/her data
//this function will display a success message to the user before redirecting to the main window
//the function is passed two parameters, the users first name and the username
function showSuccess($email, $db){
	
	//call method to display html beginnign
	HTMLFunctions::printHTMLHead("Successfully Updated Password!");
	
	HTMLFunctions::generateTitleBar("Password Updated Successfully",$email, $db);
	
	echo <<<END_HTML
	
	<!--now display the message to the user-->
	<h4>Please proceed to your profile for further action..</h4>
	<br>
	
END_HTML;

	//create array for button
	$parameterArray = array();
	$parameterArray['email'] = $email;
	
	//call subroutine to display button that returns the user to the profile
	HTMLFunctions::generateButton("profile.php", "Go To profile", $parameterArray);

	//close connection
	$db->closeSession();
	//now call method to produce closing html tags
	HTMLFunctions::printHTMLEnd();
}

//function to display the update page
//this function accepts an error message as a parameter to be displayed above the submission form
function displayPasswordUpdate($errorText, $db){
	
	//call routine to display beginning of html
	HTMLFunctions::printHTMLHead("Change Password");
	
	HTMLFunctions::generateTitleBar("Change Your Password Below",$_POST['email'], $db);
	
	//call the function to create the html code for the actual form and pass it the correct entries reference
	generatePasswordChangeHTML($errorText, $db);
	
	//close the db connection
	$db->closeSession();
	
	//now call method to produce closing html tags
	HTMLFunctions::printHTMLEnd();
}

//funciton to generate the actual password change html form
function generatePasswordChangeHTML($errorText, $db){
	
	//create a parameter array to pass to the function to display the generic header
	$parameterArray = array();
	$parameterArray['email'] = $_POST['email'];
	
	echo <<<END_HTML
	<!--now move to the main content of the site-->
	<div class="content">

	$errorText
	
	<!-- place form in table for appearance formatting-->
	<table>
		<form action="changePassword.php" method=POST>
		<!--old password-->
		<tr>
			<td><p>Current Password:</p></td>
			<td><input type="password" name="initialPW"></td>
		</tr>
		<!--new password-->
		<tr>
			<td><p>New Password:</p></td>
			<td><input type="password" name="password1"></td>
		</tr>
		<!--repeat new password-->
		<tr>
			<td><p>Repeat New Password:</p></td>
			<td><input type="password" name="password2"></td>
		</tr>
		
		<!-- now create a hidden field that resubmits the usernmae so that the script knows what user is being passed back-->
		<input type="hidden" name="email" value="{$_POST['email']}">
		
		<tr>
			<td><input type="submit" value="Submit"></form>
END_HTML;
		//call function to crate a cancel button
		//this button will link back to login
		HTMLFunctions::generateButton("profile.php", "Cancel", $parameterArray);
		
		//print remaining tags
		echo <<<END_HTML
			</td>
			</tr>
		</table>
END_HTML;
}
